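Postfix + sasldb problem (solved as of March 2021)
PS (solved: Alpine Linux fix as of March 2021; the fix in cyrus-sasl 2.1.27-r12 is in the edge branch. 3.13 only has cyrus-sasl 2.1.27-r10.)
PS: I know there are similar posts, but they are very outdated, like 2015. My problem is from 2021, and it was still working last year.
I am using Postfix with sasldb2 in an alpine:edge Docker container. But recently (January 2021) I found that it stopped working. The situation is strange, because the same /etc/sasl2/sasldb2 file works with saslauthd, but not if I use the auxprop setup.
Using sasldb2 (not working)
/etc/sasl2/smtpd.conf
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: PLAIN
Postfix log: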
Jan 17 07:46:07 johnsiu postfix/smtpd[108]: connect from mail-ej1-x635.google.com[2a00:1450:4864:20::635]
Jan 17 07:46:08 johnsiu postfix/smtpd[108]: warning: SASL authentication failure: Couldn't fetch entry from /etc/sasl2/sasldb2
Jan 17 07:46:08 johnsiu postfix/smtpd[108]: warning: SASL authentication failure: Password verification failed
Jan 17 07:46:08 johnsiu postfix/smtpd[108]: warning: mail-ej1-x635.google.com[2a00:1450:4864:20::635]: SASL PLAIN authentication failed: generic failure
Jan 17 07:46:08 johnsiu postfix/smtpd[108]: lost connection after AUTH from mail-ej1-x635.google.com[2a00:1450:4864:20::635]
Jan 17 07:46:08 johnsiu postfix/smtpd[108]: disconnect from mail-ej1-x635.google.com[2a00:1450:4864:20::635] ehlo=2 starttls=1 auth=0/1 commands=3/4
Using saslauthd (working)
/etc/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list: PLAIN
Running saslauthd manually:
saslauthd -a sasldb -d
Output:
saslauthd[125] :num_procs : 5
saslauthd[125] :mech_option: NULL
saslauthd[125] :run_path : /run/saslauthd
saslauthd[125] :auth_mech : sasldb
saslauthd[125] :using accept lock file: /run/saslauthd/mux.accept
saslauthd[125] :master pid is: 0
saslauthd[125] :listening on socket: /run/saslauthd/mux
saslauthd[125] :using process model
saslauthd[125] :forked child: 126
saslauthd[125] :forked child: 127
saslauthd[125] :forked child: 128
saslauthd[125] :forked child: 129
saslauthd[125] :acquired accept lock
saslauthd[125] :released accept lock
saslauthd[129] :acquired accept lock
saslauthd[125] :auth success: [user=test] [service=smtp] [realm=example.org] [mech=sasldb]
saslauthd[125] :response: OK
Postfix log:
Jan 17 07:48:41 johnsiu postfix/smtpd[120]: connect from mail-ej1-x631.google.com[2a00:1450:4864:20::631]
Jan 17 07:48:42 johnsiu postfix/smtpd[120]: disconnect from mail-ej1-x631.google.com[2a00:1450:4864:20::631] ehlo=2 starttls=1 auth=1 quit=1 commands=5
OS version
# cat /etc/os-release
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.13.0_alpha20201218
PRETTY_NAME="Alpine Linux edge"
HOME_URL="https://alpinelinux.org/"
BUG_REPORT_URL="https://bugs.alpinelinux.org/"
Installed packages
apk list -I|sort
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/edge/main: No such file or directory
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/edge/community: No such file or directory
alpine-baselayout-3.2.0-r8 x86_64 {alpine-baselayout} (GPL-2.0-only) [installed]
alpine-keys-2.2-r0 x86_64 {alpine-keys} (MIT) [installed]
apk-tools-2.12.0-r3 x86_64 {apk-tools} (GPL-2.0-only) [installed]
busybox-1.32.0-r8 x86_64 {busybox} (GPL-2.0-only) [installed]
ca-certificates-20191127-r5 x86_64 {ca-certificates} (MPL-2.0 AND MIT) [installed]
ca-certificates-bundle-20191127-r5 x86_64 {ca-certificates} (MPL-2.0 AND MIT) [installed]
cyrus-sasl-2.1.27-r10 x86_64 {cyrus-sasl} (custom) [installed]
cyrus-sasl-crammd5-2.1.27-r10 x86_64 {cyrus-sasl} (custom) [installed]
cyrus-sasl-digestmd5-2.1.27-r10 x86_64 {cyrus-sasl} (custom) [installed]
cyrus-sasl-gs2-2.1.27-r10 x86_64 {cyrus-sasl} (custom) [installed]
cyrus-sasl-gssapiv2-2.1.27-r10 x86_64 {cyrus-sasl} (custom) [installed]
cyrus-sasl-login-2.1.27-r10 x86_64 {cyrus-sasl} (custom) [installed]
cyrus-sasl-ntlm-2.1.27-r10 x86_64 {cyrus-sasl} (custom) [installed]
cyrus-sasl-scram-2.1.27-r10 x86_64 {cyrus-sasl} (custom) [installed]
gdbm-1.19-r0 x86_64 {gdbm} (GPL-3.0-or-later) [installed]
heimdal-libs-7.7.0-r4 x86_64 {heimdal} (BSD-3-Clause) [installed]
icu-libs-67.1-r2 x86_64 {icu} (MIT ICU Unicode-TOU) [installed]
krb5-conf-1.0-r2 x86_64 {krb5-conf} (MIT) [installed]
libc-utils-0.7.2-r3 x86_64 {libc-dev} (BSD-2-Clause AND BSD-3-Clause) [installed]
libcom_err-1.45.6-r1 x86_64 {e2fsprogs} (GPL-2.0-or-later AND LGPL-2.0-or-later AND BSD-3-Clause AND MIT) [installed]
libcrypto1.1-1.1.1i-r0 x86_64 {openssl} (OpenSSL) [installed]
libgcc-10.2.1_pre1-r3 x86_64 {gcc} (GPL-2.0-or-later LGPL-2.1-or-later) [installed]
libsasl-2.1.27-r10 x86_64 {cyrus-sasl} (custom) [installed]
libssl1.1-1.1.1i-r0 x86_64 {openssl} (OpenSSL) [installed]
libstdc++-10.2.1_pre1-r3 x86_64 {gcc} (GPL-2.0-or-later LGPL-2.1-or-later) [installed]
libtls-standalone-2.9.1-r1 x86_64 {libtls-standalone} (ISC) [installed]
lmdb-0.9.27-r0 x86_64 {lmdb} (OLDAP-2.8) [installed]
musl-1.2.2_pre6-r0 x86_64 {musl} (MIT) [installed]
musl-utils-1.2.2_pre6-r0 x86_64 {musl} (MIT BSD GPL2+) [installed]
ncurses-libs-6.2_p20210109-r0 x86_64 {ncurses} (MIT) [installed]
ncurses-terminfo-base-6.2_p20210109-r0 x86_64 {ncurses} (MIT) [installed]
postfix-3.5.8-r0 x86_64 {postfix} (IPL-1.0 EPL-2.0) [installed]
readline-8.1.0-r0 x86_64 {readline} (GPL-2.0-or-later) [installed]
scanelf-1.2.6-r1 x86_64 {pax-utils} (GPL-2.0-only) [installed]
sqlite-libs-3.34.0-r1 x86_64 {sqlite} (Public-Domain) [installed]
ssl_client-1.32.0-r8 x86_64 {busybox} (GPL-2.0-only) [installed]
tzdata-2020f-r0 x86_64 {tzdata} (Public-Domain) [installed]
zlib-1.2.11-r3 x86_64 {zlib} (Zlib) [installed]
I am not sure whether this is an Alpine distribution issue, a Postfix issue, or a cyrus-sasl issue.
My Docker container: https://hub.docker.com/repository/docker/jsiu/postfix
The problem persists after updating to postfix 3.5.9-r0.
Test results:
/ # ls -lh /run/saslauthd/
total 4K
srwxrwxrwx 1 root root 0 Feb 18 02:36 mux
-rw------- 1 root root 0 Feb 18 02:36 mux.accept
-rw------- 1 root root 4 Feb 18 02:36 saslauthd.pid
The following syntax works:
/ # testsaslauthd -f /run/saslauthd/mux -r **** -u **** -p ****
But the following does not work:
/ # testsaslauthd -f /run/saslauthd/mux -s"smtpd" -u"****@****" -p"****"
0: NO "authentication failed"
I tried single quotes, double quotes, no quotes, spaces, and passwords, but the result was the same.
Output of 'saslauthd -a sasldb -d' for the failed attempt:
/etc/postfix # saslauthd -a sasldb -d
saslauthd[195] :num_procs : 5
saslauthd[195] :mech_option: NULL
saslauthd[195] :run_path : /run/saslauthd
saslauthd[195] :auth_mech : sasldb
saslauthd[195] :using accept lock file: /run/saslauthd/mux.accept
saslauthd[195] :master pid is: 0
saslauthd[195] :listening on socket: /run/saslauthd/mux
saslauthd[195] :using process model
saslauthd[195] :forked child: 196
saslauthd[196] :acquired accept lock
saslauthd[195] :forked child: 197
saslauthd[195] :forked child: 198
saslauthd[195] :forked child: 199
saslauthd[198] :acquired accept lock
saslauthd[196] :released accept lock
saslauthd[196] :auth failure: [user=****@****] [service=smtpd] [realm=] [mech=sasldb] [reason=Unknown]
saslauthd[196] :response: NO
This is a bug. The errno for the fetch call is clobbered by another call. See: https://github.com/cyrusimap/cyrus-sasl/pull/554
Alpine fix: https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/18576
Edit: As of March 10, 2021, it was merged and released to Alpine edge as 2.1.27-r12.
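The failure mode named in this answer, an errno value read only after another call has overwritten it, shown as an added example that is not from the original answer, from cyrus-sasl, or from the linked patches. fetch_entry, release_handle and the path are hypothetical stand-ins built on plain POSIX open/close.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Outcomes a caller would map to different authentication results. */
enum lookup_result { LOOKUP_OK, LOOKUP_NOT_FOUND, LOOKUP_GENERIC_FAILURE };

/* Hypothetical stand-in for a database fetch: fails with errno = ENOENT. */
static int fetch_entry(const char *path)
{
    return open(path, O_RDONLY);
}

/* Hypothetical cleanup step that itself fails and overwrites errno (EBADF). */
static void release_handle(void)
{
    close(-1);
}

static enum lookup_result classify(int err)
{
    return err == ENOENT ? LOOKUP_NOT_FOUND : LOOKUP_GENERIC_FAILURE;
}

/* Buggy order: errno is read only after another call has changed it. */
enum lookup_result lookup_clobbered(const char *path)
{
    int fd = fetch_entry(path);
    if (fd >= 0) { close(fd); return LOOKUP_OK; }
    release_handle();
    return classify(errno);   /* sees EBADF, not the fetch error */
}

/* Fixed order: capture errno immediately after the failing call. */
enum lookup_result lookup_saved(const char *path)
{
    int fd = fetch_entry(path);
    int saved = errno;        /* only meaningful when fd < 0 */
    if (fd >= 0) { close(fd); return LOOKUP_OK; }
    release_handle();
    return classify(saved);
}

int main(void)
{
    const char *path = "/nonexistent-example-dir/sasldb2"; /* constructed path */
    printf("clobbered=%d saved=%d\n", lookup_clobbered(path), lookup_saved(path));
    return 0;
}
```

With the clobbered ordering a missing entry is reported as a generic failure, which is the kind of misleading result that makes such a bug hard to trace from the log alone.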
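Like you suggested, it is important to pinpoint the problem. Your authentication chain looks like this: postfix => (Cyrus) saslauthd => /etc/sasldb2
I suggest you test SASL with the testsaslauthd command:
testsaslauthd -f /run/saslauthd/mux -s"smtp" -u"test@example.org" -p"yourpass"
testsaslauthd -f /run/saslauthd/mux -s"smtp" -r"example.org" -u"test" -p"yourpass"
If the above does not work, please post the output here.
If the above works, you will get
0: OK "Success."
and we will have to look further than SASL.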